This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/3WBdory9XqQbfC4TyXJx63N3UFw.roa
File:                     3WBdory9XqQbfC4TyXJx63N3UFw.roa (raw, json)
Hash identifier:          nahNFLPGEU3gQRtFtbIkO4bhI0n9GpvfWrrSsEPAAWY=
Subject key identifier:   DD:60:5D:A2:BC:BD:5E:A4:1B:7C:2E:13:C9:72:71:EB:73:77:50:5C
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       019B76EB53998A80329E73581538D7B7F7D5
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/3WBdory9XqQbfC4TyXJx63N3UFw.roa
Signing time:             Thu 01 Jan 2026 00:18:12 +0000
ROA not before:           Thu 01 Jan 2026 00:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62196
IP address blocks:        2.189.176.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:53:99:8a:80:32:9e:73:58:15:38:d7:b7:f7:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  1 00:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd605da2bcbd5ea41b7c2e13c97271eb7377505c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:de:98:fd:1f:43:a5:d5:c1:f7:b4:e2:17:3e:
                    a9:5f:2f:76:80:ed:59:09:95:9c:c4:14:e4:68:db:
                    3e:04:60:80:a1:7a:7f:88:cf:bc:c3:1e:de:1b:4c:
                    90:76:48:36:3f:99:d2:70:97:bc:d6:c8:ac:16:d3:
                    41:d4:e8:b0:8d:a9:3f:4f:c1:01:f5:a4:62:32:e2:
                    d7:0d:a6:c3:5b:da:06:3b:ff:f0:32:0d:6d:41:49:
                    0e:31:5d:eb:5e:d5:13:eb:0a:41:58:81:22:bf:59:
                    e4:38:0a:6a:86:7d:b9:2c:c6:2c:cd:f8:21:9a:15:
                    76:45:31:a9:13:f3:3e:8f:f4:d0:7a:86:9e:62:9a:
                    50:34:0e:b0:b4:d7:97:77:93:e2:de:7f:a3:98:20:
                    fe:d9:d8:79:d2:e4:9f:39:a1:e2:71:ca:fe:d2:1d:
                    08:a0:35:9b:16:c9:23:56:90:ab:67:e2:a1:44:5f:
                    94:e5:f6:52:04:f8:7f:ca:6d:78:ca:d4:d5:22:8c:
                    b2:30:58:6f:c5:89:e7:60:8f:74:7e:76:dc:3c:97:
                    2a:c6:65:e2:79:aa:46:8c:fc:67:c0:92:2e:d8:31:
                    43:f7:cd:ae:9c:a1:2e:86:9b:6e:69:1e:1d:d3:3e:
                    be:5e:b0:95:16:c1:f9:77:9c:7a:c9:c9:cb:1b:3b:
                    40:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:60:5D:A2:BC:BD:5E:A4:1B:7C:2E:13:C9:72:71:EB:73:77:50:5C
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/3WBdory9XqQbfC4TyXJx63N3UFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.189.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         99:f0:e8:c0:4a:9d:bb:3e:6c:9a:ce:5f:73:8a:21:4f:c8:6e:
         13:ba:9b:5f:c5:9e:35:ff:35:70:67:a8:9e:3a:06:83:e5:82:
         8a:8d:2a:59:f2:d2:19:d7:9a:0a:aa:20:ea:61:bb:31:96:e7:
         48:0c:af:73:55:77:8d:b5:c3:df:65:5b:7f:a1:d6:56:83:c4:
         a3:fd:6c:25:cf:74:ea:0a:30:06:7f:74:dc:9c:e0:08:b2:5e:
         c3:77:74:d1:83:50:cf:a6:32:0c:fb:e2:84:15:2c:02:7a:a8:
         41:5e:d2:37:d8:0e:4c:3a:95:67:63:9b:20:9c:d2:9a:6e:8f:
         b8:dd:31:7c:12:b4:31:43:07:b4:02:f7:36:f0:d8:7e:70:e0:
         50:59:2f:b1:00:11:db:52:88:b8:79:5c:62:74:ee:7f:a5:15:
         19:99:9e:1d:39:08:04:b2:0d:cd:34:bd:b2:14:3c:2c:4d:a1:
         04:52:e0:fb:88:cc:17:2b:31:f4:a0:ec:39:3e:1f:f3:3b:35:
         bd:ce:7e:5b:65:2d:12:82:ac:af:04:f9:4b:70:02:0c:46:d7:
         9b:08:df:1c:a6:8d:5b:65:ad:5b:78:83:0b:ba:0d:81:28:76:
         06:13:9c:86:fb:8b:ec:24:83:4b:27:d9:5c:1e:61:9f:a4:18:
         fd:54:64:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt261OZioAynnNYFTjXt/fVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjYwMTAxMDAxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDYwNWRhMmJjYmQ1ZWE0MWI3YzJlMTNjOTcyNzFlYjczNzc1MDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN6Y/R9DpdXB97TiFz6pXy92gO1Z
CZWcxBTkaNs+BGCAoXp/iM+8wx7eG0yQdkg2P5nScJe81sisFtNB1Oiwjak/T8EB
9aRiMuLXDabDW9oGO//wMg1tQUkOMV3rXtUT6wpBWIEiv1nkOApqhn25LMYszfgh
mhV2RTGpE/M+j/TQeoaeYppQNA6wtNeXd5Pi3n+jmCD+2dh50uSfOaHiccr+0h0I
oDWbFskjVpCrZ+KhRF+U5fZSBPh/ym14ytTVIoyyMFhvxYnnYI90fnbcPJcqxmXi
eapGjPxnwJIu2DFD982unKEuhptuaR4d0z6+XrCVFsH5d5x6ycnLGztAQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1gXaK8vV6kG3wuE8lycetzd1BcMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvM1dCZG9yeTlYcVFiZkM0VHlYSng2M04zVUZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDAr2wMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ8OjASp27Pmyazl9ziiFPyG4TuptfxZ41/zVwZ6ie
OgaD5YKKjSpZ8tIZ15oKqiDqYbsxludIDK9zVXeNtcPfZVt/odZWg8Sj/Wwlz3Tq
CjAGf3TcnOAIsl7Dd3TRg1DPpjIM++KEFSwCeqhBXtI32A5MOpVnY5sgnNKabo+4
3TF8ErQxQwe0Avc28Nh+cOBQWS+xABHbUoi4eVxidO5/pRUZmZ4dOQgEsg3NNL2y
FDwsTaEEUuD7iMwXKzH0oOw5Ph/zOzW9zn5bZS0SgqyvBPlLcAIMRtebCN8cpo1b
Za1beIMLug2BKHYGE5yG+4vsJINLJ9lcHmGfpBj9VGRn
-----END CERTIFICATE-----